METHOD AND APPARATUS FOR VERIFYING THE IDENTITY OF A WIRELESS DEVICE
A method, device, computer program product, and apparatus for verifying the identity (ID) of a wireless device are described. The ID and a first measurement of a trusted access point (AP) are received from the wireless device. A second measurement from the trusted AP is received, where the second measurement is of a signal comprising the ID. To verify the ID, consistency of the first and second measurements is verified.
This application claims the benefit of U.S. Provisional Patent Application Ser. No. 61/931,532, filed on Jan. 24, 2014, entitled, “VERIFYING THE IDENTITY OF A WIRELESS DEVICE,” which is herein incorporated, in its entirety, by reference.
FIELDThe subject matter disclosed herein relates generally to wireless device identification verification.
BACKGROUNDFor a device in communication with wireless access points (APs), measurement of Wi-Fi signals (e.g., IEEE 802.11x standards) can be utilized by the device or by a location server to derive position information for the device (e.g., a latitude and longitude). Conventional network based positioning (NBP) techniques may utilize measurements such as Received Signal Strength Indication (RSSI), Angle Of signal Arrival (AOA) and Round Trip signal propagation Time (RTT) measurements derived from radio frequency (RF) Wi-Fi signals transmitted from the device. For example, with NBP, signals received from a device by one or more APs in a network of APs may be measured by the APs and used (e.g., by a location server that can access the measurements from the APs) to determine a location for the device. An AP can be a device that allows wireless devices to connect to a wired network using Wi-Fi, or other wireless standards. Utilizing NBP measurement techniques to accurately determine the position of a device typically involves obtaining measurement information from APs nearby to the device. NBP methods involving Wi-Fi APs typically rely on being able to correctly identify a target device using the device MAC address that is present in Wi-Fi frames transmitted by the device. However, a MAC address is not always a reliable means of identifying a device as a MAC address may be deliberately falsified by a process known as spoofing.
As an example of spoofing, a device (e.g., a fixed or mobile device) “A” may masquerade as another device “B”. Device “A” may access a location service for a venue such as a shopping mall or airport (e.g., may access a location server (LS) in the venue) that provides location services to devices in the venue. Location services may provide an estimate of the current location of any device to that particular device. Location services may also provide a map (e.g., a floor plan) of the venue to the device with the current position of the device indicated on the map. Device “A” can provide the MAC address of the device “B” to the location service (e.g., to an LS or to an application server such as a location based services (LBS) application server (AS) for the In Location Alliance (ILA) architecture). For example, device “A” or the user of device “A” may discover the MAC address of device “B” by monitoring Wi-Fi transmissions nearby to device “B” over a period of time (e.g. an hour) and observing a common MAC address being transmitted as device “B” moves between different locations. Alternatively or in addition, device “A” may employ ranging measurements (e.g., of RSSI or RTT) to measure ranges to nearby Wi-Fi devices and may associate the MAC address for device “B” with the MAC address whose measured range corresponds to a known estimated range from device “A” to device “B”. The MAC address for device “B” can be provided to the location service as purporting to belong to the device “A”. For example, the MAC address could be provided to an LS for the venue location service using some higher level protocol such as the User plane Location Protocol (ULP) defined by the Open Mobile Alliance
Device “A” (e.g. the user of device “A”) may intend to track the location of device “B” (e.g. the user of device “B”) by means of NBP supported by the venue location service in one venue or in a set of venues. The venue location service (e.g. an LS or LBS AS for the location service) may be able to authenticate another identity for the device “A” such as a user ID or an International Mobile Subscriber Identity (IMSI) and may thereafter assume that device “A” is trustworthy. If device “A” then provides the MAC address of device “B” as if the address belongs to device “A”, the location service (e.g. an LS and/or LBS AS) may just assume that this is correct and may then proceed to locate device “B” using the MAC address of device “B” provided by device “A” and subsequently return the location of device “B” to device “A”—leading to unauthorized tracking of device “B” by device “A”. The venue may employ NBP to track the location of device “B” using the MAC address provided by device “A” assuming that this location will correspond to that for device “A” and thereby not infringe the privacy of another user. Such spoofing may be possible if the venue is unable to verify that the MAC address provided by device “A” actually belongs to device “A”.
In a different type of spoofing, one device “A” may masquerade as another device “B” by including the MAC address of device “B” in IEEE 802.11 Wi-Fi frames transmitted by device “A”. Any location derived from measurements of such frames using NBP in a venue may then incorrectly ascribe the location to device “B”, which may allow a device “A” to spoof incorrect locations for the device “B” to some client who wants to know the current location of device “B”. For example, this type of spoofing could be used to falsely locate the user of device “B” at a location remote from the real location of the user of device “B” which could then be used for a number of criminal or other nefarious purposes.
Therefore, new and improved identification verification techniques are desirable to enable verification of a MAC address or other address of a device that is visible to access points that support NBP and that may be used to locate a device.
SUMMARY OF THE DESCRIPTIONEmbodiments disclosed herein may relate to a method for verifying an identity (ID) claimed by a wireless device. The method may include receiving the ID and a first measurement from the wireless device. The method may include receiving a second measurement from a trusted access point (AP), where the second measurement is of a signal comprising the ID. The method may further include verifying consistency of the first and second measurements.
Embodiments disclosed herein may relate to a machine readable non-transitory storage medium having stored therein program instructions that are executable by a processor to verify an ID claimed by a wireless device. The storage medium may include instructions to receive the ID and a first measurement from the wireless device. The storage medium may also include instructions to receive a second measurement from a trusted AP, where the second measurement is of a signal comprising the ID. The storage medium may also include instructions for verifying consistency of the first and second measurements.
Embodiments disclosed herein may relate to an apparatus that includes means for verifying an ID claimed by a wireless device. The apparatus may also include means for receiving the ID and a first measurement from the wireless device. The apparatus may also include means for receiving a second measurement from a trusted AP, where the second measurement is of a signal comprising the ID. The apparatus further includes means for verifying consistency of the first and second measurements.
Embodiments disclosed herein may relate to a device or server including a processor and a storage device configurable to store instructions to verify an ID claimed by a wireless device. The device or server may include instructions to receive the ID and a first measurement from the wireless device. The device or server may also include instructions to receive a second measurement from a trusted AP, where the second measurement is of a signal comprising the ID. The device or server may further include instructions to verify consistency of the first and second measurements.
Other features and advantages will be apparent from the accompanying drawings and from the detailed description.
In one embodiment, Wireless Device Identification Verification (WDIV) determines the credibility of a device requesting network based positioning (NBP) within a venue. For example, a device “D” may provide identification comprising a Media Access Control (MAC) address “A” when connecting to a location server or an application server; however, the identification may be spoofed from some other legitimate device. This may allow the device “D” to track the location of the legitimate device. In one embodiment, to determine credibility of the device “D” requesting NBP, WDIV receives another MAC address “B” from the device “D” of an AP within Wi-Fi radio range of the device “D”. WDIV can then compare the received MAC address “B” to a MAC address of a trusted AP within the venue that is able to receive IEEE 802.11 Wi-Fi signals from the device “D” that contain the MAC address “A” claimed by the device “D”. Provided the device “D” reports the MAC address “B” of a trusted AP that is able to receive the MAC address “A” claimed by the device “D”, there would be a high probability that device “D” really is nearby to the trusted AP such that the trusted AP and device “D” can each receive signals from one another. In that case, receipt of the MAC address “A” claimed by the device “D” by the trusted AP provides strong evidence that the device “D” owns (or at least is currently using) the MAC address “A”.
In some embodiments, WDIV utilizes RSSI, AOA and/or RTT measurements to verify a device ID such as an IEEE 802.11 MAC address. For example, WDIV can request RSSI, AOA and/or RTT measurements made by a device of nearby APs using Mobile Based Positioning (MBP) and compare the received RSS, AOA and/or RTT measurements with locally obtained RSSI, AOA and/or RTT measurements for the device obtained by trusted APs and can verify that the two sets of measurements are compatible with one another as described in further detail later herein.
In some embodiments, WDIV utilizes location information obtained from a device requesting NBP. For example, WDIV can request a device provide location measurements to enable a location server for a venue to obtain a location estimate for the device using mobile based positioning (MBP). The location server may then compare the location estimate obtained using MBP to a second location estimate for the device obtained using NBP, from measurements obtained from one or more trusted APs based on a purported MAC address for the device, and may verify that the two location are the same or almost the same.
In one embodiment, WDIV detects whether a target wireless device requesting NBP is providing a correct ID or an ID belonging to some other wireless device (and thus an incorrect ID). The ID may be an IEEE 802.11 MAC address used for Wi-Fi or could be some other identity or address (e.g. an IP address, an International Mobile Subscriber Identity (IMSI) or an IEEE 802.11 MAC address used for Bluetooth®) that is visible to APs (e.g., AP 105-1 and 105-2) able to receive wireless messages or signals from the target device. A target device (e.g., target device 110-1) may be located within the venue at a target location 120 that provides location services to wireless devices using NBP. An alternate location (e.g., location 140) may also be within the venue but may also be located at a remote location that is not within the venue. A remote or alternate device (e.g., device 110-2) may attempt to spoof the identification (e.g., MAC address) of the target device 110-1. The alternate device 110-2 may be a wireless device or a (non-wireless) computer system (e.g. a PC or laptop) attempting to determine the location and position of the target device 110-1. The alternate device 110-2 may connect to an alternate AP (e.g., AP 105-2) local to the alternate wireless device or may connect via other means (e.g. via a cellular or wireline network such as the Internet). The alternate AP 105-2 and/or the alternate device 110-2 may connect to the location server 160 and/or application server 155 through the network 150.
The terms “wireless device”, “target device”, “target wireless device” and “mobile device” are used interchangeably herein to refer to a communications entity typically associated with a single user that has the ability to communicate wirelessly and that may be portable and/or mobile. The term “device” is used herein to refer to a device that may or may not be a wireless device. A wireless device may be referred to by other names such as a mobile station (MS), a station, a terminal, a target, a wireless terminal, a mobile terminal, a user equipment (UE) or a Secure User Plane Location (SUPL) Enabled Terminal (SET).
The venue for the target location 120 may maintain one or more trusted wireless APs (e.g., AP 105-1) to serve users at the venue (e.g., at target location 120). The trusted AP 105-1 may be part of a Wireless Local Area Network (WLAN), which may operate in a venue such as an office, shopping center, museum, stadium, college campus, airport, hospital, outdoors, or in any other building, building complex, installation or area. Trusted APs may be interconnected to each other, to servers (e.g., location based services application server (LBS AS) 155 and location server 160), and to other wireless devices and devices via the network 150. Network 150 may be a WLAN, a collection of WLANs, a cellular network, a local area network (LAN) or a wireline network that interconnects entities within the venue and may provide access to entities and networks outside the venue (e.g. the Internet). In some embodiments, network 150 may comprise a number of interconnected wireless and/or wireline networks. APs 105-1 and 105-2 may be Wi-Fi APs, Bluetooth APs, femtocells, home base stations, small cells or even base stations supporting pico and macro cells. APs 110-1 and 110-2 may be part of network 150 or separate from network 150 (e.g. part of a WLAN for the venue associated with target location 120). APs 105-1 and 105-2 may support communication using Wi-Fi 802.11x protocols as generally assumed here or may support communication using other or additional wireless technologies such as Long Term Evolution (LTE) or Wideband Code Division Multiple Access (WCDMA) as defined by the 3rd Generation Partnership Project (3GPP) or Bluetooth. APs 105-1 and 105-2 may be fixed (e.g. at known locations) or may (e.g. occasionally) be moved. The WDIV techniques described herein for verifying an address claimed by a wireless device may be used to verify not only MAC addresses for Wi-Fi 802.11x and Bluetooth but also other addresses such as an IP address or IMSI.
When determining the position of a wireless device using a WLAN, a wireless device (e.g., wireless devices 110-1 and 110-2) or a location server (e.g. location server 160) may utilize time of arrival and signal strength techniques. The location server 160 may communicate with wireless devices (e.g. wireless device 110-1) through a network (e.g., network 150) and/or via APs in the WLAN (e.g. via AP 105-1) and may use the communication to: (i) request location information from a wireless device (e.g. a location estimate or location related measurements); (ii) provide assistance data to a wireless device to enable the wireless device to obtain location related measurements (e.g. measurements of signals transmitted by APs) and/or determine a location estimate for the wireless device from location related measurements; and/or (iii) provide a location estimate of the wireless device to the wireless device that was determined by the location server. The position of each AP (e.g. AP 105-1 and/or AP 105-2) in a common coordinate system may be known a-priori and may be stored in the location server 160 (e.g., within a location database). In some embodiments, the position of each AP may not be known but a radio map for each AP may be known (e.g. via calculation or crowdsourcing of measurement data by many wireless devices) that may provide predicted signal characteristics for signals transmitted by the AP such as RSSI and/or RTT at a number of known locations (e.g. locations spaced 1 meter apart in a rectangular grid of locations for the radio coverage area of the AP). In some embodiments, each respective AP can perform measurement techniques (e.g., RSSI and RTT) to determine the AP's position relative to other visible APs and wireless devices in the coverage area of the AP.
In one embodiment, to determine the position of a target device such as target device 110-1, each AP in the venue may transmit signals that may be received by the target device. Each signal may be associated with the signal's originating AP based upon some form of identifying information that may be included in the transmitted signal (e.g., a MAC address for the originating AP). The target device may then perform measurements of RSSI, RTT, AOA, time of arrival (TOA), time difference of arrival (TDOA) compared to signals received from some other AP and/or other characteristics of the received signal. The measurements of signals received from one AP or a number of APs may then be used by the target device to determine a location estimate for the target device using mobile based positioning (MBP) techniques. For example, AOA measurements combined with known positions for the source APs may be used to determine the target device's location using triangulation. Alternatively, RSSI or RTT measurements may be used to determine distances (or ranges) from the target device to source APs with the wireless device location obtained using trilateration. As another alternative, measurements such as of RSSI or RTT obtained for signals transmitted from a number of APs may be compared to a radio map for each AP containing expected values of such characteristics as RSSI or RTT at different known locations with a location for the target device then being determined using a technique known as RF pattern matching. To assist the target device to determine its location using these techniques, a location server such as location server 160 may provide assistance data to the target device containing such information as the exact locations of the source APs, transmission characteristics of the source APs (e.g. transmission power and antenna characteristics) and/or radio maps for the source APs.
In a variant of MBP, known as wireless device assisted MBP, the target device may make location related measurements for signals received from source APs but may transfer the measurements to a location server together with the identity of each source AP (e.g. MAC address) received in the measured signals, following which the location server may determine a location for the target device using the same positioning techniques. Although a target device can make use of signals transmitted by APs (e.g. Wi-Fi APs or Femtocells) to provide a location server with measurements for MPB positioning, signals from other sources can be measured by a target device to support other MBP position methods such as Assisted Global Navigation Satellite System (A-GNSS), in which signals from satellites for such GNSS systems as GPS, Galileo or GLONASS are measured by a target device, or Observed Time Difference Of Arrival (OTDOA), in which time difference between pairs of bases stations (e.g. eNodeBs for LTE) or femtocells (e.g. Home eNodeBs) are measured and reported to a location server.
In another embodiment, to determine the position of a target device such as target device 110-1, each AP in the venue may receive signals that may be transmitted by the target device. The signals may be associated with the target device based upon some form of identifying information that may be included in the transmitted signals (e.g., a MAC address for the target device). A receiving AP may then perform measurements of RSSI, RTT, AOA, TOA, TDOA (e.g. TDOA of signals received from the target device compared to signals received from another AP) and/or other characteristics of the received signal. The measurements of signals transmitted by the target device and received and measured by one AP or by a number of APs may then be used to determine a location estimate for the wireless device using network based positioning (NBP) techniques. For example, the determination may occur at a location server such as location server 160 to which the AP or APs may forward both the measurements and the identification of the target device included in the measured signals. Similar positioning techniques for NBP may be used as for MBP—e.g. AOA measurements may enable location determination using triangulation whereas RSSI and/or RTT measurements may enable location determination using trilateration.
In some embodiments in which MBP or NBP is used, measurement procedures may be used that involve an exchange of signals or messages between an AP and a target device and possibly in which both the AP and the target device obtain measurements. When the final measurements are obtained by the AP (together with an identification of the target device contained in signals transmitted by the target device), the measurements may be used to help obtain the location of the target device using NBP techniques. When the final measurements are obtained by the target device (together with an identification of the AP contained in signals transmitted by the AP), the measurements may be used to help obtain the location of the target device using MBP techniques
With respect to
As illustrated in
Should the alternate AP 105-2 also be a trusted AP (e.g. part of a WLAN for the venue associated with the target location 120) in the above example, WDIV (e.g. implemented in the location server 160) may request one or more trusted APs to report all wireless devices that are visible to each AP or just report whether a particular wireless device with the ID provided by the alternate (spoofing) device 110-2 is visible to each AP. Assuming that the alternate device 110-2 is falsely claiming the ID of the target device 110-1, the trusted AP 105-1 will report receiving this ID (since target device 105-1 is within coverage of AP 105-1), but alternate AP 105-2 will not report receiving this ID (because target device 110-1 is not within coverage of alternate AP 105-2). WDIV may then determine that alternate device 110-2 may be falsely claiming the ID of another wireless device (here target device 110-1) because the AP reported as seen by the alternate device 110-2 (AP 105-2) does not match the trusted AP (AP 105-1) that receives signals from a wireless device with the ID claimed by alternate device 110-2. In response to determining a possibility of spoofing, the alternate device 110-2 may be blocked or otherwise blacklisted from access to NBP and/or other location services.
Three alternative scenarios may be distinguished in
Location server 160 now has two sets of information that can be compared. The first set comprises information provided by target device 110-1 related to APs nearby to target device 110-1. The second set comprises information received from APs that can detect signals or messages from target device 110-1. Since in this first scenario, target device 110-1 has provided a correct MAC address, the two sets of information will closely match one another. For example, target device 110-1 may indicate that it detected the MAC address of AP 105-1 while AP 105-1 may report that it detected the MAC address of target device 110-1. Similarly, target device may measure and report an RSSI, RTT and/or AOA for AP 105-1 that is the same as or is consistent with (e.g. correlates with) an RSSI, RTT and/or AOA measured and reported by AP 105-1 based on signals or messages received from target device 110-1. For example, RSSI or RTT measurements may be considered to be consistent if they indicate a similar distance (or range) between AP 105-1 and target device 110-1, whereas AOA measurements may be considered to be consistent if they indicate directions that are approximately in opposition (e.g. with AP 105-1 measuring an AOA in Northerly direction and target device 110-1 measuring an AOA in a southerly direction). Finally, any location provided by target device 110-1 or obtained by location server 160 using wireless device assisted MBP from measurements provided by target device 110-1 may be the same as or almost the same as (e.g., within a threshold distance of) a location obtained by location server 160 using NBP from measurements provided by AP 105-1 and possibly by other trusted APs able to receive signals or messages from target device 110-1. Because the two sets of information match and were obtained by separate wireless devices, one set of which (i.e. the APs) can be trusted, it means target device 110-1 can credibly be assumed to be using the MAC address it provided to location server 160 or LBS application server 155.
In the second scenario illustrating WDIV related to
As in the first scenario, location server 160 may request APs such as AP 105-1 and possibly AP 105-2 to indicate if a wireless device is detected transmitting the MAC address claimed by alternate device 110-2. Since this was an incorrect MAC address in this scenario, AP 105-2 may not detect the MAC address. However, if the incorrect MAC address corresponds to the MAC address of target device 110-1, then AP 105-1 may report that it can detect the MAC address (if target device 110-1 is currently transmitting) and may provide associated RSSI, RTT and/or AOA measurements. Since alternate device 110-2 would most likely not have reported the identity of AP 105-1 or provided RSSI, RTT and/or AOA measurements for AP 105-1 corresponding to or consistent with any measurements made by AP 105-1 for the spoofed wireless device 110-1, there will be a mismatch between the information provided by alternate device 110-2 and the information provided by APs such as AP 105-1. In addition, any location reported by or derived from measurements from alternate device 110-2 will likely not match any location for the spoofed wireless device 110-1 derived using NBP from measurements obtained from APs such as AP 105-1. Based on this mismatch, location server 160 can conclude that alternate device 110-2 did not provide a correct MAC address and can deny provision of service such as providing NBP based location to alternate device 110-2.
In the third scenario illustrating WDIV related to
As in the first and second scenarios, location server 160 may request APs such as AP 105-1 and AP 105-2 to indicate if a wireless device is detected transmitting the MAC address provided by the external client and being used (in this scenario) by both target device 110-1 and (falsely) by alternate device 110-2. In this scenario, AP 105-2 may report detecting the MAC address due to receiving signals transmitted by the spoofing device 110-2. AP 105-1 may also report detecting the MAC address due to receiving signals transmitted by target device 110-1 if target device 110-1 is inside the venue. Location server 160 can then observe that the MAC address of AP 105-2 that reported seeing the MAC address of target device 110-1 was not observed by target device 110-1 and that AP 105-2 may be distant from any AP (such as AP 105-1) that target device 110-1 reported as being visible. Location server 160 may also observe that, when target device 110-1 is within the venue, two widely separated APs (namely APs 105-1 and 105-2 in this scenario) report seeing the MAC address of target device 110-1. The mismatch between any measurements provided by target device 110-1 and measurements provided by APs (or the lack of any measurements provided by the target device 110-1 versus the provision of measurements by an AP or APs in the venue) and/or the possible inconsistency of information provided by different APs (here APs 105-1 and 105-2) can indicate to location server 160 that the address provided by the external client for target device 110-1 is either invalid or is valid but is being spoofed (e.g. transmitted) by a device different to target device 110-1. In response to this determination, the location server 160 may withhold providing a location for target device 110-1 obtained using NBP to the external client. Instead, the location server 160 may use MBP to locate target device 110-1 and provide this location to the external client if the location server is able to use MBP to locate the target device 110-1 without relying on the MAC address for target device 110-1.
At block 206, the wireless device sends a first measurement to the server. In one embodiment, the first measurement includes a first MAC address of an AP visible to the wireless device. In some embodiments, the first measurement also includes one or more of a first RSSI, a first AOA or a first RTT obtained from signals transmitted by and received from the AP having the first MAC address. In some embodiments, the first measurement may include a MBP location result (e.g. a location estimate for the wireless device obtained by the wireless device using MBP). In some embodiments, the first measurement is used by the server to determine a first location of the wireless device.
At block 211, the wireless device sends a signal comprising the ID to an AP trusted by the server. In some embodiments, the signal may be broadcast by the wireless device to all APs nearby to the wireless device. In other embodiments, the signal may be transmitted specifically to the trusted AP (e.g. if there is a signaling association between the wireless device and the trusted AP). The signal may enable a second measurement by the trusted AP, and in response to the second measurement by the trusted AP, the server may verify the consistency of the first and second measurements. In one embodiment, the second measurement includes the ID of the wireless device and the ID of the trusted AP. In some embodiments, the second measurement includes one or more of a second RSSI, a second AOA or a second RTT obtained from the signal transmitted by the wireless device. In some embodiments, the second measurement is used by the server to determine a second location of the wireless device. In some embodiments, verifying the consistency of the first and second measurements may include verifying that (i) the first measurement contains the ID of the trusted AP and the second measurement contains the ID of the wireless device, (ii) the first RSSI and/or the first RTT in the first measurement implies the same distance between the wireless device and the trusted AP within a threshold level of confidence as the second RSSI and/or the second RTT in the second measurement, (iii) the first AOA in the first measurement and the second AOA in the second measurement refer to opposite directions within a threshold level of confidence, and/or (iv) the first and second locations determined by the server are within a threshold distance of one another. In an embodiment, the wireless device ID may be considered as verified (e.g. by the location server) if consistency of the first and second measurements is verified at block 211.
At block 210, the server receives a first measurement from the device. In one embodiment, the first measurement includes a first MAC address for a trusted AP detected (or claimed to be detected) by the device. In some embodiments, the first measurement also includes one or more of a first RSSI, a first AOA or first RTT associated with the AP having the first MAC address. In some embodiments, the first measurement may be a mobile-based positioning location result. In some embodiments, the first measurement includes or is used to determine, a first location of the device.
At block 215, the server receives a second measurement from a trusted access point (AP), where the second measurement is of a signal comprising the ID. For example, the second measurement may be a second MAC address comprising a MAC address for the trusted AP and may also include at least one of a second RSSI, a second AOA and second RTT determined from at least one signal comprising the ID. In some embodiments, the second measurement may be a network based positioning location result. In some embodiments, the second measurement includes or is used to determine, a second location of the device.
At block 220, the server verifies the ID by verifying consistency of the first and second measurements. Verifying consistency may include determining that the first and second MAC addresses are the same MAC address and/or determining that the first RSSI, first AOA or first RTT corresponds with the second RSSI, second AOA or second RTT within a correspondence threshold. In one embodiment, the correspondence threshold comprises one or more of equality, similarity, opposition or correlation of the first and second RSSI or RTT values. Correlation and similarity may be user defined or may use predetermined values or ranges. In some embodiments, verifying consistency includes determining the first and second locations are within at least a threshold (e.g., user defined or predetermined value) distance to each other.
Wireless device 110 in system 300 may correspond to target device 110-1 or to alternate device 110-2 in operating environment 100 in
LS 160 in
LBS AS 155 in
The entities shown in
In one embodiment, WDIV system 300 independently verifies that a MAC address provided by a particular wireless device (in this example, wireless device 110), or provided by some other entity (e.g. by LBS AS 155) for authorized location of wireless device 110, actually belongs to wireless device 110. A method enabling this may use the elements in the WDIV system 300 and makes use of both NBP and MBP.
When the wireless device 110 first enters a venue or other defined location (e.g. a building or floor of a building) or when the LS 160 needs to verify that an ID (e.g. a MAC address) claimed by the wireless device 110 is correct, the LS 160 can invoke both NBP and MBP or make use of information previously obtained by LS 160 for the wireless device 110 using MBP and/or NBP. For MBP, LS 160 can request the wireless device 110 to report measurements for visible APs (e.g., their MAC addresses and/or additional measurements such as measurements of RSSI, AOA and/or RTT for signals received from the visible APs). For NBP, LS 160 can request measurement information from one or more APs in ALN 170 of signals (e.g. IEEE 802.11x signals) transmitted by wireless device 110 and carrying or being associated with the ID claimed by wireless device 110. The measurement information provided by ALN 170 may include the IDs (e.g. MAC address) of some or all APs that are able to detect signals carrying or being associated with the ID claimed by the wireless device 110. Signals associated with the ID claimed by wireless device 110 may be signals that do not explicitly contain the ID claimed by wireless device 110 but are part of a common signaling procedure (e.g. a procedure defined for an IEEE 802.11x protocol or for 3GPP LTE) that includes other signals or messages transmitted by the wireless device 110 that do contain the ID claimed by the wireless device 110. The measurement information provided by ALN 170 may further include measurements of some characteristic of the signals carrying or associated with the ID claimed by the wireless device 110 such as RSSI, AOA or RTT. LS 160 can verify that the set of APs reported as being visible by the wireless device 110 match the set of APs reported by ALN 170 as being able to detect signals carrying or being associated with the ID claimed by the wireless device 110. There may not be an exact match between the two sets of APs; however, there should be at least one or more APs in common in the two sets, or the two sets of APs should at least comprise APs in the same local area. The level of required match of the two sets of APs may be a configurable parameter in LS 160 that may define a threshold level for determining a match. For example, when security is considered high priority, the threshold may require that most APs in the two sets be the same. Conversely, when security is considered lower priority (e.g. in a venue where LS 160 and LBS AS 155 provide wireless device location information to a venue operator or owner but not to external clients or wireless devices), the threshold may allow for only one AP in common in the two sets or no APs in common but with the two sets of APs being required to be in the same local area. LS 160 may also calculate locations for wireless device 110 from the received MBP and NBP measurements and may verify they approximately match as a condition for verifying the correctness of the ID claimed by the wireless device 110. In obtaining a location using MBP, the MBP location measurements received from wireless device 110 could be for Wi-Fi based position methods (e.g. could include RSSI, AOA and RTT measured by wireless device 110 for one or more APs in ALN 170) and/or could be for other MBP position methods such as A-GNSS and/or OTDOA. The MBP location may be further obtained using wireless device assisted MBP (in which wireless device 110 sends measurements to location server 160 rather than sending a location computed by wireless device 110) to enable a more reliable location to be computed by location server 160 in which spoofing by wireless device 110 would be more difficult and thus less likely.
In some embodiments, in response to verifying the ID claimed by wireless device 110, LS 160 may use NBP for a specified period of time to locate and track the wireless device 110 (based on measurement of signals containing the verified ID by APs in ALN 170) before again re-verifying the claimed ID of wireless device 110 (e.g. which might be configured to occur only periodically such as every hour). While correct use NBP can depend on having a verified ID (e.g. MAC address) for wireless device 110 due to the possibility of spoofing as already described, WDIV system 300 (e.g. LS 160 in WDIV system 300) may determine that NBP is more efficient than MBP if many wireless devices are being located simultaneously (e.g. at a busy airport or shopping mall) and may thus have a preference for using NBP rather than MBP. LS 160 may then prioritize NBP over MBP in some instances, and therefore verification of IDs claimed by the different wireless devices may be beneficial.
As just described, in order to assist with verification of an ID claimed by wireless device 110, LS 160 may compare measurements made by wireless device 110 of one or more trusted APs in ALN 170 and reported to LS 170 with measurements made by the same trusted APs in ALN 170 of received signals carrying or being associated with the ID claimed by wireless device 110 and reported by ALN 170 to LS 160. The measurements may include measurements of RSSI, AOA and/or RTT as previously described and LS 160 may verify that measurements of RSSI, AOA and/or RTT made by wireless device 110 of some AP (e.g. AP 105-1) are consistent with (e.g. approximately equal to) the same types of measurements made by the AP of signals received by the AP carrying or being associated with the ID claimed by the wireless device 110. In one embodiment, to verify consistency, a threshold is configured such that (i) RTTs should be approximately the same, (ii) AOAs should be approximately opposite (e.g. if a wireless device measured AOA is 5 degrees clockwise from North, the AP measured AOA should be approximately 185 degrees clockwise from North) and (iii) normalized RSSI measurements should be correlated. As an example of RSSI correlation, if a wireless device's RSSI measurement for a first AP is higher than for a second AP when both RSSI measurements are normalized with respect to AP transmission power, then the first AP's RSSI measurement for signals carrying or being associated with the wireless device ID should exceed the second AP's RSSI measurement for these signals. In addition, the ratio of the wireless device's normalized RSSI measurements for the first and second APs and the ratio of the first and second APs' RSSI measurements for signals carrying or being associated with the wireless device ID should be approximately the same (though as signals may travel using different paths in uplink and downlink directions, the ratios may be somewhat different).
In one embodiment, wireless device 110 sends and receives communication to ALN 170, LS 160, and LBS AS 155 that cannot be initially associated with a verified ID for wireless device 110 since wireless device 110 is not part of WDIV system 300 and communication over wireless interfaces 365, 370 and 375 may be spoofed as previously described. In contrast to wireless device 110 communication, Access/Location Network Database to Map Database I/F 340, Access/Location Network Database to location server I/F 345, Access/Location Network to location server I/F 360, Map Database to application server I/F 350, and location server to application server I/F 355 are deemed trustworthy communication within the control of the WDIV system 300.
In one embodiment, communication sent from the wireless device 110 may be classified as unverified or potentially untrustworthy until WDIV system 300 has verified the wireless device 110 identification. For example, when the wireless device 110 enters a venue for WDIV system 300, the wireless device 110 may broadcast or send a MAC address identification on an I/F (e.g., one of the WDIV system 300 wireless I/Fs 365, 370 or 375). In one embodiment, WDIV system 300 can verify the broadcast or sent MAC address as described earlier herein and as described next using
At block 405, a target wireless device (e.g., target device 110-1 or alternate device 110-2 in operating environment 100 or wireless device 110 in WDIV system 300) sends its device ID (e.g., MAC address of the wireless device) to an LBS application server (e.g., LBS application server 155) and requests that the LBS application server provide reporting (e.g., periodic reporting) of the target wireless device's location back to the target wireless device. The target wireless device may also provide a second ID to the LBS application server such as a user ID of logon ID that the LBS application server may be able to authenticate (e.g. via a logon/password procedure), However, authenticating the second ID may not verify the device ID, since a wireless device (or the user of a wireless device) with a valid user ID or valid logon ID may still spoof a device ID belonging to some other wireless device.
At block 410, the LBS application server requests periodic location of the target wireless device from a location server (e.g., location server 160). In one embodiment, the LBS application server also provides the target wireless device ID to the location server. In some embodiments, the LBS application server may also provide the second ID to the location server or a third ID (e.g. a venue assigned ID) that is associated one to one with the second ID.
At block 415, the location server may determine that the device ID should be verified—e.g. because the location server needs to use NBP to periodically locate the target wireless device at block 450 (as described further on) based on the device ID and needs to be sure that the device ID is valid (e.g. and not incorrect or spoofed). The location server may identify the target wireless device using the second ID or third ID rather than by using the device ID which may not be considered as verified yet. The location server then requests MBP location measurements from the target wireless device for one or more APs that are visible to the target wireless device. For example, the location server may send a request message directly to the target wireless device and may establish a location session with the wireless device—e.g. a SUPL session as defined for the OMA SUPL location solution. In one embodiment, the request message may pass transparently through a wireless network (e.g., network 150 and/or ALN 170) and/or an AP. In some embodiments, the request message may be a message, or may contain an embedded message, defined for the SUPL location solution defined by OMA, the LTE positioning protocol (LPP) defined by 3GPP or the LPP Extensions (LPPe) protocol defined by OMA. In some embodiments, the target wireless device may provide a fourth ID to the location server (e.g. when the location server establishes a SUPL session with the target wireless device) which may be an International Mobile Subscriber Identity (IMSI), a Mobile Station International Subscriber Directory Number (MSISDN) or an International Mobile Equipment Identity (IMEI) in some embodiments. The location server may authenticate the fourth ID—e.g. using the Transport Layer Security (TLS) mechanism defined by IETF. In some embodiments the fourth ID may be the same as the second ID or third ID and may enable the location server to verify that the target wireless device to which the request message was sent is the same target wireless device that sent the device ID to the LBS application server at block 405. In some embodiments, the target wireless device may send the claimed device ID to the location server as part of block 415 in which case the claimed device ID may not be sent by the target wireless device to the LBS application server at block 405 and/or may not be sent by the LBS application server to the location server at block 410. However, whether the location server obtains the claimed device ID from the target wireless device or from the LBS application server, the location server may not consider the claimed device ID as being verified even if the LS authenticates the fourth ID for the target wireless device, since a target wireless device (or the user of a target wireless device) with a valid second, third and/or fourth ID may still spoof the claimed device ID. Thus verifying the claimed device ID may be needed.
At block 420, the location server requests NBP location measurements of the wireless device from an ALN (e.g. ALN 170). In one embodiment, the location server also provides the device ID to the ALN. In one embodiment, the location server sends an NBP request including the device ID to an intermediate entity in the ALN (e.g. a router or ALN controller) which forwards the request to one or more APs in the ALN (e.g. to AP 105-1 or AP 105-2). In another embodiment, the location server sends an NBP request including the device ID directly to each of one or more APs in the ALN.
At block 425, the target wireless device receives signals from one or more APs in the ALN that contain or are associated with an ID (e.g. a MAC address) of the AP that is sending each signal. The target wireless device then makes location measurements using these signals based on the MBP request received at block 415. For example, the target wireless device can obtain the MAC address for each AP from which a signal is measured and may make measurements of RSSI, AOA and/or RTT.
At block 430, the target wireless device returns the MBP location measurements, including the IDs of the APs for which they were each made, to the location server.
At block 435, an AP in the ALN receives signals (e.g., IEEE 802.11 frames) from the target wireless device and verifies the signals contain or are associated with the device ID and makes location measurements. For example, the AP may obtain the device ID and may measure the RSSI, AOA or RTT using the signals. Block 435 may be performed by more than one AP in the ALN—e.g. may be performed by each AP that receives an NBP request sent or forwarded at block 420.
At block 440, the ALN returns the location measurements made by the AP(s) at block 435 to the location server together with the device ID and the ID(s) of the AP(s) (e.g. AP MAC address(es)). In some embodiments, the location measurements may be returned by the AP(s) in the ALN to an intermediate entity (e.g. an ALN controller or router) which may forward the location measurements in individual messages for each AP or combined into a single message (or single message set) for all APs to the location server. In other embodiments, each AP may individually and directly return the location measurements made by that AP to the location server. In some embodiments, the device ID may not be returned to the location server along with the location measurements—e.g. if the device ID is implicitly known by the location server due to an association (e.g. inclusion in a common procedure) of each location measurement response sent at block 440 to an NBP request sent at block 420.
At block 445, the location server verifies consistency of the two sets of location measurements received at blocks 430 and 440. For example, the location server may verify consistency or non-consistency (whichever applies) as described herein in association with
In some embodiments of the method in
It should be appreciated that while the method in
In some embodiments, messages may be transferred in a different order or arrangement than described above with relation to
At block 610, the location server determines to verify the claimed device ID and initiates MBP location of the wireless device at block 615 and NBP location of the wireless device at block 620. Blocks 615 and 620 are composite blocks and each contain component blocks as shown in
With regards to MBP location at block 615, WDIV at the location server may request the wireless device report measurements for some or all visible APs at blocks 625-645. Visible APs may be APs from which the wireless device detects transmitted frames, messages or other wireless signals that identify the particular AP (e.g. by carrying an ID for the AP). In some embodiments, the wireless device reports visible APs without a request to report from the location server (e.g. if the wireless device is requesting location assistance data from the location server and needs to convey to the location server information about the current location of the wireless device). At block 625, the location server receives an ID (e.g. a MAC address) of an AP detected by the wireless device. In some embodiments, when multiple APs are within range of the wireless device, the location server may receive an ID for each of the APs detected by the wireless device which may be conveyed to the location server by the wireless device in a single message (e.g. a single SUPL, LPP and/or LPPe message).
At block 630, the location server receives an RSSI measurement for an AP detected by the wireless device. In some embodiments, when multiple APs are within range of the wireless device, the location server may receive an RSSI measurement for each of the APs detected by the wireless device (e.g. which may be conveyed in a single message to the location server).
At block 635, the location server receives an RTT measurement for an AP detected by the wireless device. In some embodiments, when multiple APs are within range of the wireless device, the location server may receive an RTT measurement for each of the APs detected by the wireless device (e.g. which may be conveyed in a single message to the location server).
At block 640, the location server receives an AOA measurement for an AP detected by the wireless device. In some embodiments, when multiple APs are within range of the wireless device, the location server may receive an AOA measurement for each of the APs detected by the wireless device (e.g. which may be conveyed in a single message to the location server).
At block 645, the location server may receive additional MBP measurements from the wireless device (e.g. MBP measurements for A-GNSS and/or OTDOA). These additional measurements and/or the measurements received at blocks 625-640 may be used by the location server at block 645 to compute a location estimate for the wireless device. In some embodiments all the measurements for blocks 625-645 may be conveyed by the wireless device to the location server in a single message (e.g. a SUPL, LPP and/or LPPe message) or in a single set of associated messages (e.g. a set of SUPL POS messages for a common SUPL session).
In some embodiments, one or more of blocks 625-645 may not occur—e.g. if the mobile device does not send RSSI, RTT or AOA measurements or if the location server does not compute a location estimate for the wireless device using MBP.
With regards to NBP location at block 620, WDIV at the location server may request one or more APs (e.g. AP 105-1 and/or AP 105-2 in
At block 650, the location server receives the ID (e.g. a MAC address) of an AP detecting the device ID. In some embodiments, when multiple APs are within range of the wireless device, the location server may receive a MAC address from each of the APs detecting the device ID. In some embodiments, when more than one AP sends its ID, the IDs may be included in a single message (e.g. by an intermediate entity in the ALN) before being sent to the location server, which may reduce the message load on the location server and the use of signaling resources for the ALN.
At block 655, the location server receives an RSSI measurement from an AP detecting the device ID, measured for a signal received by the AP that contains or is associated with the device ID. In some embodiments, when multiple APs are within range of the wireless device, the location server may receive an RSSI measurement from each of the APs detecting the device ID (e.g. which may all be included in a single message sent by an intermediate entity as in block 650).
At block 660, the location server receives an RTT measurement from an AP detecting the device ID, measured for a signal received by the AP that contains or is associated with the device ID. In some embodiments, when multiple APs are within range of the wireless device, the location server may receive an RTT measurement from each of the APs detecting the device ID (e.g. which may all be included in a single message sent by an intermediate entity as in block 650).
At block 665, the location server receives an AOA measurement from an AP detecting the device ID, measured for a signal received by the AP that contains or is associated with the device ID. In some embodiments, when multiple APs are within range of the wireless device, the location server may receive an AOA measurement from each of the APs detecting the device ID (e.g. which may all be included in a single message sent by an intermediate entity as in block 650). In some embodiments, the measurements received at blocks 650-665 from each AP may be conveyed to the location server in one message from each AP. In some embodiments, the measurements received at blocks 650-665 from all APs may be conveyed to the location server in one message from an intermediate entity in the ALN.
At block 670, the location server may compute a location estimate for the wireless device using NBP, based on one or more of the measurements received at blocks 650-665 and possibly additional NBP measurements received from APs such as measurements of TOA or TDOA.
In some embodiments, one or more of blocks 650-670 may not occur—e.g. if APs do not send RSSI, RTT or AOA measurements or if the location server does not compute a location estimate for the wireless device using NBP.
At block 675, the location server or a WDIV function in the location server attempts to match the MBP data obtained at block 615 with the NBP data obtained at block 620. In one embodiment, the location server verifies whether the IDs of APs reported by the wireless device at block 625 match the IDs of APs that reported detecting the claimed device ID at block 650. The location server may not require that all AP IDs that are reported for MBP and NBP can be matched but may require that some minimum number can be matched or that the reported IDs for MBP and NBP belong to APs in the same local area (e.g. a sub-area for a venue such as the same floor in a building or same terminal at an airport). The location server may also verify whether the received RSSI, AOA and RSSI measurements and the obtained wireless device location at blocks 630-645 for MBP match or are consistent with the received RSSI, AOA and RSSI measurements and the obtained wireless device location at blocks 655-670 for MBP. Verification of consistency may be as described earlier herein and in association with
At block 680, the location server determines whether the threshold(s) are met for matching and/or verifying consistency of the MBP data and NBP data at block 675. For example an AP threshold match may require a match of at least 70% or some other percent/number of the IDs of APs detecting the claimed device ID at block 650 to the IDs of APs reported by the wireless device at block 625 before a claimed device ID may be considered verified. As another example, an RTT threshold match may require that RTT measurements provided by APs at block 660 imply a distance (or range) from each AP to the wireless device that is within 25 meters (or some other maximum length) of the distance (or range) from the wireless device to each corresponding AP implied by RTT measurements provided by the wireless device at block 635, for some minimum number of APs. As another example of RSSI and AOA matching thresholds, the location server may verify that pairs of reported NBP and MBP AOAs for an AP detecting the device ID and being detected by the wireless device, respectively, are within a predetermined variation threshold (e.g., 20% or some other percentage) of one another, after allowing for AOAs being in opposite directions for NBP versus MBP, and that normalized MBP and NBP RSSI measurements are correlated. For example, if a wireless device RSSI measurement of a first AP is higher than for a second AP when normalized with respect to AP transmission power, then the first AP's RSSI measurement for the wireless device may be verified to exceed the second AP's RSSI measurement for the wireless device. The level of required threshold match for the different measurements may be adjustable by the location server of by an operator of a venue, for example, depending on the particular security requirements of a venue or location. Threshold matching may also require that the wireless device provide at least some MBP measurements at block 615 and that at least some APs provide NBP measurements at block 620. Thus, for example, if the wireless device cannot be accessed by the location server (e.g. due to being outside the venue, powered off or not in radio coverage) or is otherwise unable to provide any MBP measurements, the location server can conclude that a threshold requirement is not matched. Similarly, if no APs in the venue report detecting the wireless device (e.g. because the wireless device is not in the venue or is powered down or the user has disabled Wi-Fi capability), the location server can conclude that a threshold requirement is not matched. Note that other thresholds may be used to verify self consistency of NBP (and MBP) measurements. For example, there may be a maximum threshold on the distance between two APs that report receiving the device ID in order for the NBP measurements to be considered as self-consistent.
If the thresholds are not met, at block 685 the location server reports the device ID verification failure. In some embodiments, in response to device ID verification failure, the location server and/or other entities associated with the location server (e.g. an LBS AS) deny a wireless device access to LBS services and/or other service provided by or on behalf of a venue.
If the thresholds are met, at block 690 the location server reports the device ID verification success. In some embodiments, in response to device ID verification success, the location server and/or other associated entities (e.g. an LBS AS) provide LBS and/or other services to the wireless device and may use NBP location in order to provide LBS services—e.g. to obtain one or more locations for the wireless device and provide these to the wireless device and/or to other authorized entities. In some embodiments, in response to verifying a device ID, the location server may initiate a timeout period during which no further retesting of the device ID would occur. Following the timeout period, if the wireless device may still be within a venue associated with the location server, the location server may re-verify the device ID by repeating blocks 610 to 690. In some embodiments, the location server may periodically verify device ID credibility with the frequency depending on the particular security requirements set by the venue or location.
It should be noted that for the method described herein (e.g. in association with
It should further be noted that while the method described herein has been mainly described in terms of verifying an IEEE 802.11 MAC address for a wireless device receiving location services in a venue, the same or similar methods may be used in other scenarios for verifying any identity or address used by or claimed by a wireless device in association with a particular wireless technology (e.g. Bluetooth, Near Field Communication, WCDMA, LTE) within a venue or within a larger area such as town, city, state, country or worldwide. This verification may be desirable in scenarios where the wireless device includes the address or identity in messages or signals transmitted using the particular wireless technology to nearby access points, base stations or femtocells in a network wherein the access points, base stations or femtocells are able to receive, demodulate and decode the identity or address. In these scenarios, the wireless device or some other entity may transfer a claimed or assumed identity or address for the wireless device to one or more servers in a network from which the wireless device or the other entity is receiving service and may request various services from the one or more servers that may depend on the identity or address correctly belonging to the wireless device and not to some other wireless device. For example, the services may include locating the wireless device by the one or more servers using NBP and transferring the resulting location to the wireless device or to the other entity. Or the services may include provision of other information for which the wireless device has some subscription or is otherwise entitled to receive (e.g. such as provision of Internet access, ability to send and receive voice or data calls, receipt of other information). By matching information obtained from base stations, femtocells and/or APs based on receipt of messages or signals carrying the claimed or assumed identity or address with similar or corresponding information provided by the wireless device directly to a server (such as a location server), a server or network (e.g. a location server in the network) may verify the probable integrity of the claimed or assumed identity or address.
The wireless device 700 may also include a number of wireless device sensors 735 coupled to one or more buses or signal lines further coupled to the processor(s) 701. The sensors 735 may include a clock, ambient light sensor (ALS), accelerometer, gyroscope, magnetometer, temperature sensor, barometric pressure sensor, red-green-blue (RGB) color sensor, ultra-violet (UV) sensor, UV-A sensor, UV-B sensor, compass, proximity sensor. The wireless device may also include a Global Positioning System (GPS) or GNSS receiver 730 which may enable GPS or GNSS measurements in support of A-GNSS positioning. In some embodiments, multiple cameras are integrated or accessible to the wireless device. In some embodiments, other sensors may also have multiple versions or types within a single wireless device.
Memory 705 may be coupled to processor 701 to store instructions (e.g., instructions to perform WDIV 771) for execution by processor 701. In some embodiments, memory 705 is non-transitory. Memory 705 may also store software or firmware instructions (e.g. for one or more programs or modules) to implement embodiments described herein such as WDIV embodiments described in association with
Memory 705 may also store data from integrated or external sensors. In addition, memory 705 may store application program interfaces (APIs) for accessing WDIV. In some embodiments, WDIV functionality can be implemented in memory 705. In other embodiments, WDIV functionality can be implemented as a module separate from other elements in the wireless device 700. The WDIV module may be wholly or partially implemented by other elements illustrated in
Network interface 710 may also be coupled to a number of wireless subsystems 715 (e.g., Bluetooth 766, WLAN 711, Cellular 761, or other networks) to transmit and receive data streams through a wireless antenna system 780 to/from a wireless network or through a wired interface for direct connection to networks (e.g., the Internet, Ethernet, or other wireline systems). Wireless subsystems 715 may be connected to antenna system 780. Antenna system 780 may be connected to GPS or GNSS receiver 730 to enable reception of GPS or other GNSS signals by GPS or GNSS receiver 730. Antenna system 780 may comprise a single antenna, multiple antennas and/or an antenna array and may include antennas dedicated to receiving and/or transmitting one type of signal (e.g. cellular, Wi-Fi or GNSS signals) and/or may include antennas that are shared for transmission and/or reception of multiple types of signals. WLAN subsystem 711 may comprise suitable devices, hardware, and/or software for communicating with and/or detecting signals from Wi-Fi APs and/or other wireless devices within a network (e.g. femtocells). In one aspect, WLAN subsystem 711 may comprise a Wi-Fi (802.11x) communication system suitable for communicating with one or more wireless access points.
Cellular subsystem 761 may include one or more wide area network transceiver(s) that may be connected to one or more antennas in antenna system 780. The wide area network transceivers may comprise suitable devices, hardware, and/or software for communicating with and/or detecting signals to/from other wireless devices within a network. In one aspect, the wide area network transceivers may comprise a CDMA communication system suitable for communicating with a CDMA network of wireless base stations; however in other aspects, the wide area network transceivers may support communication with other cellular telephony networks or femtocells, such as, for example, TDMA, LTE, Advanced LTE, WCDMA, UMTS, 4G, or GSM. Additionally, any other type of wireless networking technologies may be supported and used by wireless device 700, for example, WiMax (802.16), Ultra Wide Band, ZigBee, wireless USB, etc. In conventional digital cellular networks, position location capability can be provided by various time and/or phase measurement techniques. For example, in CDMA networks, one position determination approach used is Advanced Forward Link Trilateration (AFLT). Using AFLT, a server may compute a position for wireless device 700 from phase measurements made by wireless device 700 of pilot signals transmitted from a plurality of base stations.
The wireless device as used herein (e.g., wireless device 700, wireless device 110) may be a: wireless device, cell phone, personal digital assistant, mobile computer, wearable device (e.g., watch, head mounted display, virtual reality glasses, etc.), tablet, personal computer, laptop computer, or any type of device that has wireless capabilities. As used herein, a wireless device may be any portable, or movable device or machine that is configurable to acquire wireless signals transmitted from, and transmit wireless signals to, one or more wireless communication devices or networks. Thus, by way of example but not limitation, the wireless device 700 may include a radio device, a cellular telephone device, a computing device, a personal communication system device, or other like movable wireless communication equipped device, appliance, or machine. The term “wireless device” is also intended to include devices which communicate with a personal navigation device, such as by short-range wireless, infrared, wireline connection, or other connection—regardless of whether satellite signal reception, assistance data reception, and/or position-related processing occurs at the device 700. Also, the term “wireless device” is intended to include all devices, including wireless communication devices, computers, laptops, etc. which are capable of communication with a server, such as via the Internet, Wi-Fi, or other network, and regardless of whether satellite signal reception, assistance data reception, and/or position-related processing occurs at the wireless device, at a server, or at another wireless device associated with the network. Any operable combination of the above can also be considered a “wireless device” as used herein. Other uses may also be possible. While various examples given in the description below relate to wireless devices, the techniques described herein can be applied to any wireless device for which accurate context inference is desirable.
In one embodiment, the wireless device (e.g., wireless device 700) is capable of monitoring the context of a user within close proximity (e.g. mobile phone) or the wireless device may be physically attached to the user (e.g., watch, wrist band, necklace or other wearable wireless device). In one example, a user (e.g., children, elderly people, patients suffering from physical or mental health ailments, etc.) may carry the wireless device while performing normal day to day activities. In some embodiments, the wireless device may be at a patient's bedside, worn by the elderly within their home, an anklet may be attached to a confined person, or any number of other implementations and use cases are possible.
The wireless device may communicate wirelessly with a plurality of APs, base stations and/or femtocells using RF signals (e.g., 700 MHz, 1900 MHz, 2.4 GHz, 3.6 GHz, and 4.9/5.0 GHz bands) and standardized protocols for the modulation of the RF signals and the exchanging of information. For example, the protocol may be Institute of Electrical and Electronics Engineers (IEEE) 802.11x or 3GPP LTE. By extracting different types of information from the exchanged signals, and utilizing the layout of the network (i.e., the network geometry) the wireless device may determine its position within a predefined reference coordinate system.
It should be appreciated that embodiments of the invention as will be hereinafter described may be implemented through the execution of instructions, for example as stored in the memory 705 or other element, by processor 701 of wireless device 700 and/or other circuitry of wireless device 700 and/or other wireless devices. Particularly, circuitry of wireless device 700, including but not limited to processor 701, may operate under the control of a program, routine, or the execution of instructions to execute methods or processes in accordance with embodiments of the invention. For example, such a program may be implemented in firmware or software (e.g. stored in memory 705 and/or other locations) and may be implemented by processors, such as processor 701, and/or other circuitry of wireless device 700. Further, it should be appreciated that the terms processor, microprocessor, circuitry, controller, etc., may refer to any type of logic or circuitry capable of executing logic, commands, instructions, software, firmware, functionality and the like.
Some or all of the functions, engines or modules described herein (e.g., WDIV) may be performed by the wireless device 700 itself and/or some or all of the functions, engines or modules described herein may be performed by another system connected through I/O controller 725 or network interface 710 (wirelessly or wired) to the wireless device. Thus, some and/or all of the functions may be performed by another system and the results or intermediate calculations may be transferred back to the wireless device. In some embodiments, such other device may comprise a server configured to process information in real time or near real time. In some embodiments, the other device is configured to predetermine the results, for example based on a known configuration of the device. Further, one or more of the elements illustrated in
The server 800 may include a network interface 805 configured to communicate with a network (not shown), which may be configured to communicate with other servers, computers, and devices (e.g., wireless device 110).
A processor 810 may be connected to the network interface 805 via the bus 860, and a memory 840. The processor 810 may include one or more microprocessors, microcontrollers, and/or digital signal processors that provide processing functions, as well as other calculation and control functionality. The memory 840 may contain software and/or firmware containing instructions (e.g. in the form of programs or modules) that enable server 800 (e.g. the processor 810) to perform the various embodiments described herein, such as those described in association with
A number of software modules or data tables may reside in memory 840 and may be utilized by the processor 810 in order to manage communications, and WDIV functionality. As illustrated in
The server 800 may optionally store auxiliary position/motion data in memory 840 that may be derived from information received from various sources such as APs (e.g. AP 105-1 or AP 105-2 in
The network interface 805 may enable server 800 to send and receive information to and from external networks (e.g. network 150 in
Those of skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
Those of skill would further appreciate that the various illustrative logical blocks, modules, engines, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, engines, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary embodiments, WDIV may be implemented as a software, firmware, hardware, module, or engine. In one embodiment, the previous WDIV description may be implemented by one or more general purpose processors (e.g., 810) in memory 840 of server 800 to achieve the previously desired functions (e.g., the method embodiments of
Aspects of WDIV are disclosed in the above description and related drawings and are directed to specific embodiments. Alternate embodiments may be devised without departing from the scope of the embodiments described herein. Additionally, well-known elements of the embodiments described herein may not be described in detail or may be omitted so as not to obscure relevant details.
The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any embodiment described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments. Likewise, the term “embodiments” does not require that all embodiments include the discussed feature, advantage or mode of operation.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of embodiments of the invention. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises”, “comprising”, “includes” and/or “including”, when used herein, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
Further, many embodiments are described in terms of sequences of actions to be performed by, for example, elements of a computing device (e.g., a server or device). It will be recognized that various actions described herein can be performed by specific circuits (e.g., application specific integrated circuits), by program instructions being executed by one or more processors, or by a combination of both. Additionally, these sequence of actions described herein can be considered to be embodied entirely within any form of computer readable storage medium having stored therein a corresponding set of computer instructions that upon execution would cause an associated processor to perform the functionality described herein. Thus, the various aspects of the invention may be embodied in a number of different forms, all of which have been contemplated to be within the scope of the claimed subject matter. In addition, for each of the embodiments described herein, the corresponding form of any such embodiments may be described herein as, for example, “logic configured to” perform the described action.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims
1. A method for verifying an identity (ID) claimed by a wireless device, the method comprising:
- receiving the ID from the wireless device;
- receiving a first measurement from the wireless device;
- receiving a second measurement from a trusted access point (AP), wherein the second measurement is of a signal comprising the ID; and
- verifying the ID by verifying consistency of the first and second measurements.
2. The method of claim 1 wherein the ID is an Institute of Electrical and Electronics Engineers (IEEE) 802.11 media access control (MAC) address.
3. The method of claim 2, wherein:
- the first measurement comprises a first MAC address,
- the second measurement comprises a second MAC address, and
- the verifying consistency comprises verifying the first MAC address is the MAC address of the trusted AP and the second MAC address is the ID.
4. The method of claim 3, wherein:
- the first measurement further comprises one or more of: a first Received Signal Strength Indication (RSSI), a First Angle Of signal Arrival (AOA) and a first Round Trip propagation Time (RTT) associated with an AP having the first MAC address,
- the second measurement further comprises one or more of: a second RSSI, a second AOA and a second RTT determined from at least one signal comprising the ID, and
- the verifying consistency further comprises determining the first RSSI, the first AOA or the first RTT corresponds, respectively, with the second RSSI, the second AOA or the second RTT within a correspondence threshold.
5. The method of claim 4, wherein the correspondence threshold comprises one or more of: equality, similarity, opposition or correlation of the first and second RSSI, AOA or RTT values.
6. The method of claim 1, wherein:
- the first measurement is a mobile based positioning (MBP) location result, and the second measurement is a network based positioning (NBP) location result.
7. The method of claim 1, wherein:
- the first measurement comprises, or is used to determine, a first location of the wireless device,
- the second measurement comprises, or is used to determine, a second location of the wireless device, and
- the verifying consistency further comprises determining the first and second locations are within at least a threshold distance to each other.
8. A server for verifying an identity (ID) claimed by a wireless device, the server comprising:
- memory; and
- a processor coupled to the memory and configured to:
- receive the ID from the wireless device;
- receive a first measurement from the wireless device;
- receive a second measurement from a trusted access point (AP), wherein the second measurement is of a signal comprising the ID; and
- verify the ID by verifying consistency of the first and second measurements.
9. The server of claim 8 wherein the ID is an Institute of Electrical and Electronics Engineers (IEEE) 802.11 media access control (MAC) address.
10. The server of claim 9, wherein:
- the first measurement comprises a first MAC address,
- the second measurement comprises a second MAC address, and
- the verifying consistency comprises verifying the first MAC address is the MAC address of the trusted AP and the second MAC address is the ID.
11. The server of claim 10, wherein:
- the first measurement further comprises one or more of: Received Signal Strength Indication (RSSI), a first Angle of signal Arrival (AOA), a first Round Trip propagation Time (RTT) associated with an AP having the first MAC address, or any combination thereof,
- the second measurement further comprises one or more of: a second RSSI, a second AOA, a second RTT determined from at least one signal comprising the ID, or any combination thereof, and
- the verifying consistency further comprises determining the first RSSI, first AOA, or first RTT corresponds, respectively, with the second RSSI, the second AOA, or the second RTT within a correspondence threshold.
12. The server of claim 11, wherein the correspondence threshold comprises one or more of: equality, similarity, opposition, or correlation of the first and second RSSI, AOA, or RTT values.
13. The server of claim 8, wherein:
- the first measurement is a mobile based positioning (MBP) location result, and
- the second measurement is a network based positioning (NBP) location result.
14. The server of claim 8, wherein:
- the first measurement comprises, or is used to determine, a first location of the wireless device,
- the second measurement comprises, or is used to determine, a second location of the wireless device, and
- the verifying consistency further comprises determining the first and second locations are within at least a threshold distance to each other.
15. A machine readable non-transitory storage medium having stored therein program instructions that are executable by a processor to:
- receive an Identification (ID) from a wireless device;
- receive a first measurement from the wireless device;
- receive a second measurement from a trusted access point (AP), wherein the second measurement is of a signal comprising the ID; and
- verify the ID by verifying consistency of the first and second measurements.
16. The storage medium of claim 15 wherein the ID is an Institute of Electrical and Electronics Engineers (IEEE) 802.11 media access control (MAC) address.
17. The storage medium of claim 16, wherein:
- the first measurement comprises a first MAC address, the second measurement comprises a second MAC address, and the instructions to verify consistency further comprises instructions to verify the first MAC address is the MAC address of the trusted AP and the second MAC address is the ID.
18. The storage medium of claim 17, wherein:
- the first measurement further comprises one or more of: Received Signal Strength Indication (RSSI), a first Angle of signal Arrival (AOA), a first Round Trip propagation Time (RTT) associated with an AP having the first MAC address, or any combination thereof,
- the second measurement further comprises one or more of: a second RSSI, a second AOA, a second RTT determined from at least one signal comprising the ID, or any combination thereof, and
- the instructions to verify consistency further comprises instructions to determine the first RSSI, first AOA, or first RTT corresponds, respectively, with the second RSSI, the second AOA, or the second RTT within a correspondence threshold.
19. The storage medium of claim 18, wherein the correspondence threshold comprises one or more of: equality, similarity, opposition, or correlation of the first and second RSSI, AOA, or RTT values.
20. The storage medium of claim 15, wherein:
- the first measurement is a mobile based positioning (MBP) location result, and
- the second measurement is a network based positioning (NBP) location result.
21. The storage medium of claim 15, wherein:
- the first measurement comprises, or is used to determine, a first location of the wireless device,
- the second measurement comprises, or is used to determine, a second location of the wireless device, and
- the instructions to verify consistency further comprises instructions to determine the first and second locations are within at least a threshold distance to each other.
22. An apparatus to verify an identity (ID) claimed by a wireless device comprising:
- means for receiving the ID from the wireless device;
- means for receiving a first measurement from the wireless device;
- means for receiving a second measurement from a trusted access point (AP), wherein the second measurement is of a signal comprising the ID; and
- means for verifying the ID by verifying consistency of the first and second measurements.
23. The apparatus of claim 22 wherein the ID is an Institute of Electrical and Electronics Engineers (IEEE) 802.11 media access control (MAC) address.
24. The apparatus of claim 23, wherein:
- the first measurement comprises a first MAC address,
- the second measurement comprises a second MAC address, and
- the means for verifying consistency comprises verifying the first MAC address is the MAC address of the trusted AP and the second MAC address is the ID.
25. The apparatus of claim 24, wherein:
- the first measurement further comprises one or more of: Received Signal Strength Indication (RSSI), a first Angle of signal Arrival (AOA), a first Round Trip propagation Time (RTT) associated with an AP having the first MAC address, or any combination thereof,
- the second measurement further comprises one or more of: a second RSSI, a second AOA, a second RTT determined from at least one signal comprising the ID, or any combination thereof, and
- the means for verifying consistency further comprises determining the first RSSI, first AOA, or first RTT corresponds, respectively, with the second RSSI, the second AOA, or the second RTT within a correspondence threshold.
26. The apparatus of claim 25, wherein the correspondence threshold comprises one or more of: equality, similarity, opposition, or correlation of the first and second RSSI, AOA, or RTT values.
27. The apparatus of claim 22, wherein:
- the first measurement is a mobile based positioning (MBP) location result, and
- the second measurement is a network based positioning (NBP) location result.
28. The apparatus of claim 22, wherein:
- the first measurement comprises, or is used to determine, a first location of the wireless device,
- the second measurement comprises, or is used to determine, a second location of the wireless device, and
- the means for verifying consistency further comprises determining the first and second locations are within at least a threshold distance to each other.
Type: Application
Filed: Jan 22, 2015
Publication Date: Jul 30, 2015
Inventor: Stephen William Edge (Escondido, CA)
Application Number: 14/603,337
